Re: [Rpm-maint] [rpm-software-management/rpm] Check packages for consistency when opening them (Issue #2937)

2024-02-28 Thread Panu Matilainen
This would actually be more like a long-term project than an individual ticket 
you can just fix, because it's just enormous.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2937#issuecomment-1968508933
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


[Rpm-maint] [rpm-software-management/rpm] Check packages for consistency when opening them (Issue #2937)

2024-02-28 Thread Florian Festi
There are several assumptions about what a proper package looks like and those 
are checked in rpmbuild but rpm itself often does not enforce them on reading. 
This can create problems when packages are being created with 3rd party tools. 
This is also a potential security risk (although having manipulated packages 
passing signature checks is already a game over).

Properties that should be checked are:

* Legal characters and name patterns for dependencies, NEVRA, etc
* Number of tag entries match in related tags (files, dicts, dependencies, ...)
* File flags match the file types
* ...

See #2906 for the initial discussion about flags

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2937
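
A sketch of the second property in the list above (entry counts agreeing across related tags), added here as an illustration and not taken from rpm's code or from the issue. It assumes a header already decoded into a plain dict of tag name to list; the tag names are real rpm header tags, while the grouping, the `check_header` helper and the sample headers are constructed for this example.

```python
# Added illustration: a decoded header is modelled as {tag name: list}.
# Tag names are real rpm header tags; the grouping is an assumption.
PARALLEL_GROUPS = {
    "files": ["BASENAMES", "DIRINDEXES", "FILEMODES", "FILEFLAGS"],
    "requires": ["REQUIRENAME", "REQUIREVERSION", "REQUIREFLAGS"],
    "provides": ["PROVIDENAME", "PROVIDEVERSION", "PROVIDEFLAGS"],
}

def check_header(hdr):
    """Return a list of inconsistencies found in hdr (empty list means OK)."""
    problems = []
    for group, tags in PARALLEL_GROUPS.items():
        present = {t: len(hdr[t]) for t in tags if t in hdr}
        if not present:
            continue  # this package does not use the group at all
        missing = [t for t in tags if t not in hdr]
        if missing:
            problems.append(f"{group}: missing {', '.join(missing)}")
        if len(set(present.values())) > 1:
            counts = ", ".join(f"{t}={n}" for t, n in present.items())
            problems.append(f"{group}: entry counts differ ({counts})")
    # Each DIRINDEXES value must refer to an existing DIRNAMES entry,
    # otherwise path reconstruction would read out of bounds.
    ndirs = len(hdr.get("DIRNAMES", []))
    for i, idx in enumerate(hdr.get("DIRINDEXES", [])):
        if not isinstance(idx, int) or not 0 <= idx < ndirs:
            problems.append(
                f"files: DIRINDEXES[{i}]={idx!r} is not a valid index "
                f"into DIRNAMES ({ndirs} entries)")
    return problems

# Constructed sample headers (not from any real package).
GOOD = {
    "DIRNAMES": ["/usr/bin/", "/etc/"],
    "BASENAMES": ["tool", "tool.conf"],
    "DIRINDEXES": [0, 1],
    "FILEMODES": [0o100755, 0o100644],
    "FILEFLAGS": [0, 1],
    "REQUIRENAME": ["libc.so.6"],
    "REQUIREVERSION": [""],
    "REQUIREFLAGS": [0],
}
BAD = {
    "DIRNAMES": ["/usr/bin/"],
    "BASENAMES": ["tool", "tool.conf"],
    "DIRINDEXES": [0, 5],          # 5 points past the end of DIRNAMES
    "FILEMODES": [0o100755],       # one entry short
    "FILEFLAGS": [0, 0],
    "REQUIRENAME": ["a", "b"],
    "REQUIREVERSION": ["1.0"],     # one entry short, REQUIREFLAGS absent
}

if __name__ == "__main__":
    for name, hdr in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_header(hdr) or "consistent")
```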